>From the looks of it I would say it is targeting servers running SSL. Are you
>serving up HTTP or HTTPS ?
From: Mitchell Krog Photography
Sent: Wednesday, October 05, 2016 8:18:38 AM
To: Tawasol Go; users@httpd.apache.org
Subject: Re: [users@httpd] Unknown
It’s some kind of buffer overflow attempt. I’ve been seeing this in logs for
months. It started a few months back with the Berkeley University Scanner who
are researching by sending out a string like that and then seeing what response
they get. It’s to check for some kind of exploit. Their IP
Hello Guys,
Need to Understand this kind of traffic where I noticed many of them
hitting my site.
IP
0.0.0.0 - - [02/Oct/2016:11:29:08 +0300]
"n\x1d\xb6\x18\x9ad\xec[\x1d\b\xe6k\xbb\xe5L" 200 48605
0.0.0.0 - - [02/Oct/2016:16:04:20 +0300]
My fault, I didn't notice the first time I read your message, that you were
using "JkMount /*"
AFAIK that proxies "everything" to the tomcat backend, so it is in the
tomcat where you should set your error pages, or configure your tomcat
module to make an exception for the paths you are going to
